I have used >1024 certs on my test 2k server for SSL connections to a browser, no problem. Encryption confirmed with a pacekt sniffer.
As PK encryption is a hybrid, the use of resource intensive Asymmetric encryption (RSA or DH public key) is reserved for securely exchanging the 128 bit session key so that the connection can then use resource efficient symmetric encryption (3des, CAST5, IDEA, AES, TwoFish) for the data transmission. Since the certificate is used solely for authentication and session key exchange, its size is not a factor except in high volume sites where it may be a drag on responses.
If volume was not a major consideration, and data security was...I would use a large key and better symmetric algorithms for things like a IPSec VPN, a "lite" VPN through SSL, or http over SSL.
As I said, the literature by respected cryptographers supposes that 1024 bit asymmetric/90 bit symmetric keys are in danger or have been broken by now. The Bernstein paper suggests a work reduction of those suppositions by 1/3. So , if he is correct (jury is out but no major flaws found) a 1024 bit cert is really about 683 bits in effective strength. That would give you the session key for that particular SSL session and decrypt it.
Who and why anyone would want to do that depends on your threat model.
> Anyway, the proof of the pudding is in the eating. Can you point me to a > secure site that uses a key size >1024 bits? I can't find one for love nor > money. >
Why commercial CAs don't issue larger certs may be the volume/work load factor. Maybe its business, larger one's now would be an admission that 1024 bits are compromised. I know Thawte will trigger and sign 2048 bit personal certificates created in a Mozilla browser.
But in any case, you can create a server certificate of any size using OpenSSL. The benefit of going with a commercial CA is that they are listed in the Root Stores of the browsers. However, adding a Root cert to those stores is very easy. If you can securely distribute a Root (either out of channel or get visitors to your site to install them), then you can offer a better level of security for the data exchanged over SSL.
Yours- Ridge
[EMAIL PROTECTED] wrote:
-----Original Message----- From: Ridge Cook [mailto:[EMAIL PROTECTED] Sent: 03 June 2003 03:10 To: [EMAIL PROTECTED] Subject: Re: Minimum RSA Key length ?
>>>To answer your other question, I don't believe there are
>>any browsers that can accept a RSA key > 1024 bits. I did look into this
>>last year as I was
>>>creating a new SSL key but was advised by the Thawte
>>representative that
>>>although I could create a certificate with this size key,
>>it wouldn't work.
The Thawte Rep was incorrect. I have imported and used certificates/RSA v3
keys of 4096 bit size and higher in Internet Explorer and Mozilla. > Anyway, the proof of the pudding is in the eating. Can you point me to a
> secure site that uses a key size >1024 bits? I can't find one for love nor > money.
Are we at cross-purposes here? I'm referring to server certificates, not client certificates (about which I am completely clueless as I currently have no business reason to use them).
- John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
What is "real"? How do you define "real"? If you're talking about what you can feel, what you can smell, what you can taste and see, then "real" is simply electrical signals interpreted by your brain... (Morpheus, The Matrix, 1999)
-
NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system.
RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments.
Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB.
RNIB Registered Charity Number: 226227
Website: http://www.rnib.org.uk ______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
